By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,900 Members | 1,370 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,900 IT Pros & Developers. It's quick & easy.

Go to Login Page when session expires

P: n/a
Hi all,
I was wondering how i could write some code which would automatically open
the Login Page once the session has expired?

--
Ad****@hotmail.com
Nov 19 '05 #1
Share this Question
Share on Google+
12 Replies


P: n/a
You can use the setTimeout javascript function for this.

<script language="javascript">
//this will call the javascript method _SessionExpired after 20 minutes

setTimeout( "_SessionExpired()", 20 * 60 * 1000 );

function _SessionExpired()
{
location.href = "login.aspx";
}
</script>

When 20 minutes has elapsed from the page opening the browser will be
redirected to the login page. Since you are going to be redirecting the
user you might want to give them a warning at say 19 minutes their session
is about to expire.

HTH,

bill

"ACaunter" <Ad****@hotmail.com> wrote in message
news:2C**********************************@microsof t.com...
Hi all,
I was wondering how i could write some code which would automatically open
the Login Page once the session has expired?

--
Ad****@hotmail.com

Nov 19 '05 #2

P: n/a
You can also put the following in Global.asax:

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}

Nov 19 '05 #3

P: n/a
Neither that, nor the other solutions offered, will work.

When a session ends/expires, the server has no way
of knowing whether the user has already left the site
and is currently 10 sites away.


Juan T. Llibre
ASP.NET MVP
===========
"Stefan Kiryazov" <ch***@bulgaria.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
You can also put the following in Global.asax:

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}

Nov 19 '05 #4

P: n/a
This will not work.

There is no HttpContext for the Session End event. This is a server side
only event.

bill

"Stefan Kiryazov" <ch***@bulgaria.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
You can also put the following in Global.asax:

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}

Nov 19 '05 #5

P: n/a
I disagree. If the user leaves a page up (open) for the 20 minute Session
timeout, you can still direct them to another page. If the user has left
your site, you wouldn't want to redirect them to the login page, nor can
you.

He was asking about redirecting a user automatically when their Session
times out. Now the only hole in the solution offered is the Application
Restarts, the session will be new, but there is no way to notifiy the
browser.

bill

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Neither that, nor the other solutions offered, will work.

When a session ends/expires, the server has no way
of knowing whether the user has already left the site
and is currently 10 sites away.


Juan T. Llibre
ASP.NET MVP
===========
"Stefan Kiryazov" <ch***@bulgaria.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
You can also put the following in Global.asax:

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}


Nov 19 '05 #6

P: n/a
re:
If the user leaves a page up (open) for the 20 minute
Session timeout, you can still direct them to another page.
Try it.

What you suggest will only enable Javascript redirection
after 20 minutes of inactivity in the page the JS script is in,
and is totally unrelated to the actual Session expiration/end.

What if the user has two windows open on your site,
and one of them is left open for the 20 minutes you
specify, but he is actively browsing the site in the other
window ( thereby keeping his Session alive ) ?

re: the only hole in the solution offered
is the Application Restarts
The Application won't restart only
because a User Session expires/ends.


Juan T. Llibre
ASP.NET MVP
===========
"William F. Robertson, Jr." <th****@nameht.org> wrote in message
news:uz**************@TK2MSFTNGP10.phx.gbl...I disagree. If the user leaves a page up (open) for the 20 minute Session
timeout, you can still direct them to another page. If the user has left
your site, you wouldn't want to redirect them to the login page, nor can
you.

He was asking about redirecting a user automatically when their Session
times out. Now the only hole in the solution offered is the Application
Restarts, the session will be new, but there is no way to notifiy the
browser.

bill

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Neither that, nor the other solutions offered, will work.

When a session ends/expires, the server has no way
of knowing whether the user has already left the site
and is currently 10 sites away.


Juan T. Llibre
ASP.NET MVP
===========
"Stefan Kiryazov" <ch***@bulgaria.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
> You can also put the following in Global.asax:
>
> protected void Session_End(Object sender, EventArgs e)
> {
> Response.Redirect( "login.aspx" );
> }

Nov 19 '05 #7

P: n/a
ACaunter--
So in short, this is impossible to achieve completely.

Juan--
Ahhh. I had not thought about the new window, same session scenario.

What I suggested was to set his javascript redirection timeout the same as
the server. Unless of course asp.net ignores the SessionTimeout settings
and just randomly times out Sessions. In which case it wouldn't work.
The Application won't restart only
because a User Session expires/ends.
Ofcourse not, but the Application restart will cause all of the Sessions to
be recreated on next postback. Thus they will be ended.

bill
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... re:
If the user leaves a page up (open) for the 20 minute
Session timeout, you can still direct them to another page.


Try it.

What you suggest will only enable Javascript redirection
after 20 minutes of inactivity in the page the JS script is in,
and is totally unrelated to the actual Session expiration/end.

What if the user has two windows open on your site,
and one of them is left open for the 20 minutes you
specify, but he is actively browsing the site in the other
window ( thereby keeping his Session alive ) ?

re:
the only hole in the solution offered
is the Application Restarts


The Application won't restart only
because a User Session expires/ends.


Juan T. Llibre
ASP.NET MVP
===========
"William F. Robertson, Jr." <th****@nameht.org> wrote in message
news:uz**************@TK2MSFTNGP10.phx.gbl...
I disagree. If the user leaves a page up (open) for the 20 minute Session timeout, you can still direct them to another page. If the user has left your site, you wouldn't want to redirect them to the login page, nor can
you.

He was asking about redirecting a user automatically when their Session
times out. Now the only hole in the solution offered is the Application
Restarts, the session will be new, but there is no way to notifiy the
browser.

bill

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Neither that, nor the other solutions offered, will work.

When a session ends/expires, the server has no way
of knowing whether the user has already left the site
and is currently 10 sites away.


Juan T. Llibre
ASP.NET MVP
===========
"Stefan Kiryazov" <ch***@bulgaria.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
> You can also put the following in Global.asax:
>
> protected void Session_End(Object sender, EventArgs e)
> {
> Response.Redirect( "login.aspx" );
> }


Nov 19 '05 #8

P: n/a
re:
Unless of course asp.net ignores the
SessionTimeout settings and just
randomly times out Sessions.
Very early versions of ASP had that sort of hiccup.

ASP.NET has improved the
handling of Session data quite a lot.

re: What I suggested was to set his javascript
redirection timeout the same as the server.
The problem is that they run on different "clocks".

JavaScript only knows about individual pages,
not about ASP.NET user sessions.

The ASP.NET server knows about user sessions.

Juan T. Llibre
ASP.NET MVP
===========
"William F. Robertson, Jr." <th****@nameht.org> wrote in message
news:ud**************@tk2msftngp13.phx.gbl... ACaunter--
So in short, this is impossible to achieve completely.

Juan--
Ahhh. I had not thought about the new window, same session scenario.

What I suggested was to set his javascript redirection timeout the same as
the server. Unless of course asp.net ignores the SessionTimeout settings
and just randomly times out Sessions. In which case it wouldn't work.
The Application won't restart only
because a User Session expires/ends.


Ofcourse not, but the Application restart will cause all of the Sessions
to
be recreated on next postback. Thus they will be ended.

bill
"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
re:
> If the user leaves a page up (open) for the 20 minute
> Session timeout, you can still direct them to another page.


Try it.

What you suggest will only enable Javascript redirection
after 20 minutes of inactivity in the page the JS script is in,
and is totally unrelated to the actual Session expiration/end.

What if the user has two windows open on your site,
and one of them is left open for the 20 minutes you
specify, but he is actively browsing the site in the other
window ( thereby keeping his Session alive ) ?

re:
> the only hole in the solution offered
> is the Application Restarts


The Application won't restart only
because a User Session expires/ends.


Juan T. Llibre
ASP.NET MVP
===========
"William F. Robertson, Jr." <th****@nameht.org> wrote in message
news:uz**************@TK2MSFTNGP10.phx.gbl...
>I disagree. If the user leaves a page up (open) for the 20 minute Session > timeout, you can still direct them to another page. If the user has left > your site, you wouldn't want to redirect them to the login page, nor
> can
> you.
>
> He was asking about redirecting a user automatically when their Session
> times out. Now the only hole in the solution offered is the
> Application
> Restarts, the session will be new, but there is no way to notifiy the
> browser.
>
> bill
>
> "Juan T. Llibre" <no***********@nowhere.com> wrote in message
> news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Neither that, nor the other solutions offered, will work.
>>
>> When a session ends/expires, the server has no way
>> of knowing whether the user has already left the site
>> and is currently 10 sites away.
>>
>>
>>
>>
>> Juan T. Llibre
>> ASP.NET MVP
>> ===========
>> "Stefan Kiryazov" <ch***@bulgaria.com> wrote in message
>> news:11**********************@f14g2000cwb.googlegr oups.com...
>> > You can also put the following in Global.asax:
>> >
>> > protected void Session_End(Object sender, EventArgs e)
>> > {
>> > Response.Redirect( "login.aspx" );
>> > }



Nov 19 '05 #9

P: n/a
Thanks for the replies,
This javascript code, would I put this on each of my pages for my site???
<script language="javascript">
//this will call the javascript method _SessionExpired after 20 minutes

setTimeout( "_SessionExpired()", 20 * 60 * 1000 );

function _SessionExpired()
{
location.href = "login.aspx";
}
</script>


... and i don't have to worry about 2 windows being open and the one being
left for 20 mins, that won't happen on my site.. i hope :p.. but ya.. Right
now i have my timeout set for 1 hour i believe, so i was hoping that if the
session expires after the hour, the site will automatically go back to the
login page, knowing the session var's are gone, and they can restart them..

also, for the session expiring.. is it no matter what after an hour they are
gone, or only if the screen is left still, not used, for the hour...??

and whatabout this code, do i need to put it in my global page too??

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}
thanks
Nov 19 '05 #10

P: n/a
re:
This javascript code, would I put this
on each of my pages for my site???
If all you want to do is insure that your users will always
have Session contents available, i.e., insure that their
sessions don't timeout when they leave their browsers
open on the same page, without doing anything alse for
a period of time which is larger that your Session Timeout
setting, all you'd need to do is use a Meta Refresh tag :
<meta http-equiv="refresh" content="600">

That would refresh the page every 10 minutes (600 seconds).
If you need a higher value, set the number to a larger value.

That is much simpler than the JavaScript solution,
which doesn't synchronize with Session timeout, anyway.

Be forewarned : users don't like applications/servers
messing with how they view the site, and this strategy
may well backfire on you, as would any other method
you use to insure that a page will refresh, or that a user
will be redirected against his will to other pages.

re: and whatabout this code,
do i need to put it in my global page too??
As previously said, setting protected void Session_End(Object sender, EventArgs e)
Response.Redirect( "login.aspx" );
will *not* work because when the session ends
the server has no way of sending a response to
the client, who might be long gone, anyway.


Juan T. Llibre
ASP.NET MVP
===========
"ACaunter" <Ad****@hotmail.com> wrote in message
news:54**********************************@microsof t.com... Thanks for the replies,
This javascript code, would I put this on each of my pages for my site???
<script language="javascript">
//this will call the javascript method _SessionExpired after 20 minutes

setTimeout( "_SessionExpired()", 20 * 60 * 1000 );

function _SessionExpired()
{
location.href = "login.aspx";
}
</script>


.. and i don't have to worry about 2 windows being open and the one being
left for 20 mins, that won't happen on my site.. i hope :p.. but ya..
Right
now i have my timeout set for 1 hour i believe, so i was hoping that if
the
session expires after the hour, the site will automatically go back to the
login page, knowing the session var's are gone, and they can restart
them..

also, for the session expiring.. is it no matter what after an hour they
are
gone, or only if the screen is left still, not used, for the hour...??

and whatabout this code, do i need to put it in my global page too??

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}
thanks



Nov 19 '05 #11

P: n/a
Plus if I am typing in a long form and the 10 minutes hits, them whammo, my
last ten minutes worth of work are gone because the page will be
re-requested, and not posted.

Unless Juan instructs the meta tag will "post" a form rather than a "get".

Juan,

What if you set a httpHandler that did nothing and implement
IRequiresSessionState. Then use the javascript timer to change the url of a
hidden image on the page. It would hit the server and keep the session
alive.

bill

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:uU**************@TK2MSFTNGP09.phx.gbl...
re:
This javascript code, would I put this
on each of my pages for my site???


If all you want to do is insure that your users will always
have Session contents available, i.e., insure that their
sessions don't timeout when they leave their browsers
open on the same page, without doing anything alse for
a period of time which is larger that your Session Timeout
setting, all you'd need to do is use a Meta Refresh tag :
<meta http-equiv="refresh" content="600">

That would refresh the page every 10 minutes (600 seconds).
If you need a higher value, set the number to a larger value.

That is much simpler than the JavaScript solution,
which doesn't synchronize with Session timeout, anyway.

Be forewarned : users don't like applications/servers
messing with how they view the site, and this strategy
may well backfire on you, as would any other method
you use to insure that a page will refresh, or that a user
will be redirected against his will to other pages.

re:
and whatabout this code,
do i need to put it in my global page too??


As previously said, setting
protected void Session_End(Object sender, EventArgs e)
Response.Redirect( "login.aspx" );


will *not* work because when the session ends
the server has no way of sending a response to
the client, who might be long gone, anyway.


Juan T. Llibre
ASP.NET MVP
===========
"ACaunter" <Ad****@hotmail.com> wrote in message
news:54**********************************@microsof t.com...
Thanks for the replies,
This javascript code, would I put this on each of my pages for my site???
<script language="javascript">
//this will call the javascript method _SessionExpired after 20 minutes

setTimeout( "_SessionExpired()", 20 * 60 * 1000 );

function _SessionExpired()
{
location.href = "login.aspx";
}
</script>


.. and i don't have to worry about 2 windows being open and the one being left for 20 mins, that won't happen on my site.. i hope :p.. but ya..
Right
now i have my timeout set for 1 hour i believe, so i was hoping that if
the
session expires after the hour, the site will automatically go back to the login page, knowing the session var's are gone, and they can restart
them..

also, for the session expiring.. is it no matter what after an hour they
are
gone, or only if the screen is left still, not used, for the hour...??

and whatabout this code, do i need to put it in my global page too??

protected void Session_End(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}
thanks


Nov 19 '05 #12

P: n/a

William was on the right track with putting the redirect in th
global.asax, but it should be on session start, not end:
protected void Session_Start(Object sender, EventArgs e)
{
Response.Redirect( "login.aspx" );
}


A session-end will never reach the user/browser. But when that use
re-requests the page, a new session will start, and the session_star
event will fire, redirecting the user

--
NikkolBPosted from http://www.pcreview.co.uk/ newsgroup acces

Nov 19 '05 #13

This discussion thread is closed

Replies have been disabled for this discussion.